adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,506 Commits 27 Branches 1,043 Tags
80a8ffd6546d3de00aadaa1b8d4dc441bf97d89a
Commit Graph

1502 Commits

Author SHA1 Message Date
bwatters e58c6b9df2 Land #18721, SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955) 
Merge branch 'land-18721' into upstream-master
 2024-03-26 12:42:22 -05:00
errorxyz 97513d473f Update manageengine_endpoint_central and servicedesk_plus default payloads 2024-02-23 00:00:18 +05:30
Jack Heysel 4e4303c274 Fixed backup_bdc_metadata initialization 2024-02-15 09:26:54 -05:00
Gaurav Jain 184ed3a162 Add suggested changes 2024-02-09 02:22:20 +05:30
Gaurav Jain 4dc21bae45 Merge branch 'rapid7:master' into manageengine 2024-02-08 15:11:15 +05:30
Gaurav Jain 25804edbf4 Add java targets for manageengine cve-2022-47966 modules 2024-02-08 01:55:52 +05:30
Jack Heysel ad45681116 Updated jwt_token format 2024-02-06 16:42:56 -05:00
Jack Heysel 92bbc47bd8 Changed tabs to spaces fixed msftidy 2024-02-06 15:54:33 -05:00
Jack Heysel 4bb871453e Rubocop 2024-02-06 15:44:06 -05:00
Jack Heysel 326b50bd4d Responded to comments 2024-02-06 15:22:21 -05:00
adfoster-r7 094d6ee36b Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
Kevin Joensen dfa54d02b9 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-01-22 10:10:14 +01:00
Jack Heysel aa30a00c0e Rubocop 2024-01-21 19:45:29 -05:00
Jack Heysel 7a5fe5b32c Randomized payload plus minor fixes 2024-01-21 19:04:14 -05:00
jheysel-r7 be631e5213 Apply remaining suggestions from jvoisin 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-01-19 20:32:49 -05:00
jheysel-r7 5f1fa2a678 Apply suggestions from jvoisin 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-01-19 20:30:53 -05:00
Jack Heysel 9e5783a3e7 Rubocop 2024-01-19 15:42:39 -05:00
Jack Heysel 31ebc8273a Added AutoCheck check in exploit method 2024-01-19 15:40:35 -05:00
Jack Heysel 854ec41db1 Initial commit 2024-01-19 15:22:22 -05:00
Kevin Joensen 3b8f684d08 Fixed check module function 2023-12-29 16:18:50 +01:00
Kevin Joensen 2f023f7315 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-12-29 14:50:47 +01:00
Kevin Joensen 5de0e4e234 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-12-13 14:30:00 +01:00
Kevin Joensen 52a23e3afb Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-12-13 14:29:49 +01:00
Kevin Joensen 83dccfafaf added retry_until_truthy and sensor deletion upon payload running 2023-12-07 15:16:42 +01:00
Kevin Joensen 2718c078d2 removed WfsDelay 2023-12-01 10:15:55 +01:00
Kevin Joensen d26db0b1dd changed datastore['TARGETURI'] to target_uri.path 2023-12-01 10:15:13 +01:00
Kevin Joensen 26e7807154 updated URI to TARGETURI 2023-12-01 10:09:06 +01:00
Kevin Joensen 9105966b20 Fixed debug string 2023-12-01 10:07:28 +01:00
Kevin Joensen 7dbd938e3b fixed linting with rubocop and msftidy.rb 2023-11-27 18:44:10 +01:00
Kevin Joensen 3ffeef36f6 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-27 11:48:50 +01:00
Kevin Joensen ebc18db0ac Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-27 11:48:12 +01:00
Kevin Joensen 4906ea228d updated fields to have random values 2023-11-27 09:39:18 +01:00
Kevin Joensen 27b2cdf5b1 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:09:15 +01:00
Kevin Joensen 32380d8a26 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:09:03 +01:00
Kevin Joensen a04943063e Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb 
Removes quotes from normalize_uri parameters.

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-25 13:07:08 +01:00
Kevin Joensen 8c007c0ef7 added exploit for CVE-2023-32781 - PRTG authenticated RCE 2023-11-23 19:28:02 +01:00
Jemmy Wang f83f183fe2 Apply Code Suggestions from review 2023-11-03 00:04:20 +08:00
Jemmy Wang a7e8be4860 Fix code styling to pass msftidy 2023-11-02 10:35:49 +08:00
Jemmy Wang 9f9f18c73f Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-02 10:10:26 +08:00
Jemmy Wang 00ccebe8ce Upadte documentation for AjaxPro Deserializaion RCE 2023-10-31 13:31:10 +08:00
Jemmy Wang 62f3dafd91 Apply CheckCode message suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-10-31 10:45:58 +08:00
Jemmy Wang cd3556dd71 Add Exploit for AjaxPro Deserialization RCE (CVE2021-23758) 2023-10-28 00:48:52 +08:00
sfewer-r7 8431d11654 leverage Rex::MIME::Message instead of creating the multipart data manualy 2023-10-04 09:39:25 +01:00
sfewer-r7 ccd8c71ec6 change the payload space to 5000. This allows all the payloads I tested to work but also allows all the 3 gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large. 2023-10-04 09:38:42 +01:00
sfewer-r7 1be8e0245b remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increate the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404. 2023-10-03 17:48:37 +01:00
sfewer-r7 2eacb75feb Add a reference to the AssetNote blog. Better describe what teh TARGET_URI option is for and why it defaults to /AHT/ 2023-10-03 11:17:21 +01:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
Ege Balcı e286c96dee Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:17 +00:00
Ege Balcı 3509193ae8 Update modules/exploits/windows/http/lg_simple_editor_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-09-07 17:00:10 +00:00